Page 23 of 536 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage. Se ha detectado una potencial vulnerabilidad de DOS en GitLab CE/EE afectando a todas las versiones anteriores a 15.2.5, a todas las versiones a partir de 15.3 anteriores a 15.3.4, a todas las versiones a partir de 15.4 anteriores a 15.4.1 Mientras era clonado un problema con contenido especialmente diseñado añadido a la descripción podría haberse usado para desencadenar un alto uso de la CPU • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3283.json https://gitlab.com/gitlab-org/gitlab/-/issues/361982 https://hackerone.com/reports/1543718 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage. Se ha detectado una posible vulnerabilidad de DOS en GitLab CE/EE afectando todas las versiones anteriores a 15.1.6, todas las versiones a partir de 15.2 anteriores a 15.2.4 y a todas las versiones a partir de 15.3 anteriores a 15.3.2. El contenido malformado añadido a la descripción del problema podría haber sido usado para desencadenar un alto uso de la CPU • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2931.json https://gitlab.com/gitlab-org/gitlab/-/issues/361982 https://hackerone.com/reports/1543718 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0

Improper control of a resource identifier in Error Tracking in GitLab CE/EE affecting all versions from 12.7 allows an authenticated attacker to generate content which could cause a victim to make unintended arbitrary requests Un control inapropiado de un identificador de recurso en el seguimiento de errores en GitLab CE/EE, afectando a todas las versiones a partir de 12.7, permite que un atacante autenticado genere contenido que podría causar que una víctima realice peticiones arbitrarias no deseadas • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3060.json https://gitlab.com/gitlab-org/gitlab/-/issues/365427 https://hackerone.com/reports/1600343 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 5.4EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab affecting all versions starting from 10.0 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1. It was possible for an unauthorised user to create issues in a project. Se ha detectado un problema en GitLab afectando a todas las versiones a partir de 10.0 anteriores a 15.2.5, todas las versiones a partir de 15.3 anteriores a 15.3.4, todas las versiones a partir de 15.4 anteriores a 15.4.1. Era posible que un usuario no autorizado creara problemas en un proyecto • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3066.json https://gitlab.com/gitlab-org/gitlab/-/issues/372149 https://hackerone.com/reports/1685105 •

CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0

A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests Una etiqueta diseñada en Jupyter Notebook viewer in GitLab EE/CE que afectando a todas las versiones anteriores a 15.1.6, 15.2 a 15.2.4, y 15.3 a 15.3.2 permite a un atacante emitir peticiones HTTP arbitrarias • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2428.json https://gitlab.com/gitlab-org/gitlab/-/issues/362272 https://hackerone.com/reports/1563379 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •